This post features computer network authentication protocols.
Do not confuse the authentication protocols with the Authentication, Authorization and Accountability (AAA) protocols like RADIUS or TACACS+. Authentication protocols work at OSI layers 2 and 3, and AAA protocols at layer 7. You can read more about the AAA protocols on this post.
List of Authentication Protocols
Authentication protocols featured on this post:
- PAP
- CHAP
- MS-CHAPv2
- EAP
PAP
Password Authentication Protocol (PAP) transmits usernames and passwords in plaintext. It offers no form of encryption; it simply provides a means to transport the logon credentials from the client to the authentication server.
CHAP
Deprecated
Challenge Handshake Authentication Protocol (CHAP) uses a challenge-response dialogue that cannot be replayed, and performs periodic re-authentication.
It encrypts both the username and password.
CHAP is considered unsafe as it uses the vulnerable algorithm MD5.
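The challenge-response dialogue described above, as an added example that is not part of the original post. It follows the RFC 1994 response calculation, MD5(Identifier || secret || Challenge); the class name, user name and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Hypothetical server side: issues fresh challenges, checks responses."""
    def __init__(self, secrets: dict[str, bytes]):
        self.secrets = secrets
        self.identifier = 0
        self.pending = None  # (identifier, challenge) awaiting a response

    def new_challenge(self) -> tuple[int, bytes]:
        # A new identifier and a random challenge for every (re-)authentication.
        self.identifier = (self.identifier + 1) % 256
        self.pending = (self.identifier, os.urandom(16))
        return self.pending

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        if self.pending is None or identifier != self.pending[0]:
            return False
        _, challenge = self.pending
        self.pending = None  # each challenge accepts exactly one response
        secret = self.secrets.get(name)  # Name field selects the shared secret
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def demo() -> dict[str, bool]:
    secret = b"constructed-shared-secret"  # sample value, never sent on the wire
    server = Authenticator({"alice": secret})
    ident, challenge = server.new_challenge()
    captured = chap_response(ident, secret, challenge)  # what a sniffer would see
    first_login = server.verify("alice", ident, captured)
    # Periodic re-authentication: the captured response fails a new challenge.
    ident2, _ = server.new_challenge()
    replayed = server.verify("alice", ident2, captured)
    ident3, challenge3 = server.new_challenge()
    fresh = chap_response(ident3, secret, challenge3)
    return {"first_login": first_login, "replayed_response": replayed,
            "reauthentication": server.verify("alice", ident3, fresh)}

if __name__ == "__main__":
    print(demo())
```

The secret itself never crosses the link, only the MD5 digest, which is why the strength of the exchange rests on MD5 and on the quality of the shared secret.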
MS-CHAPv2
MS-CHAPv2 is a custom update of the protocol by the American company Microsoft, and its use is preferred over the original CHAP.
EAP
IEEE 802.1X is based on EAP.
You can read more about EAP on this post.
Authentication Data Standards
The authentication data standard featured on this post is:
- SAML
SAML
Security Access Markup Language (SAML) is both a protocol and a data standard for authentication, primarily used as a web-based protocol. You can read more about it and web-based IAM protocols on this post.